US says it disrupted malware used by Russian spies to steal documents
In a major victory for US cybersecurity efforts, officials announced on Monday that they had disrupted a Russian malware campaign used to steal sensitive government documents and other confidential information. The malware was allegedly developed and used by Russian spies, according to a joint statement from the FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA).
The malware, known as “Drovorub,” was reportedly used by the GRU, Russia’s military intelligence agency, to target government networks, critical infrastructure, and research institutions. It was first discovered by the NSA in August of last year, and officials have been working to disrupt the campaign ever since.
According to the statement, the disruption operation involved the “capture and analysis of command-and-control traffic between the malware and the operator” and the issuance of a new malware detection tool, which has been made available to the public. The tool, called “Drovorub Checker,” allows users to check their systems for signs of the malware and to remove it if necessary.
“This is a significant accomplishment by our agencies, and highlights the importance of our ongoing efforts to protect the nation’s critical infrastructure from foreign adversaries,” said FBI Director Christopher Wray in the statement.
The announcement comes amid growing concerns over Russian cyberattacks and disinformation campaigns aimed at influencing the 2020 US presidential election. In recent months, US officials have also accused Russia of being behind a massive hack of US government agencies and private companies, which was discovered last year and is believed to have been ongoing for several months.
The US government’s response to these attacks has been a mix of diplomatic pressure, economic sanctions, and cyber operations designed to disrupt or deter future attacks. However, experts warn that the US may still be vulnerable to future cyberattacks from Russia and other foreign adversaries.
As for Drovorub, officials say that the disruption operation has dealt a significant blow to the Russian intelligence agency’s operations, but caution that it may not be enough to prevent future attacks.
“This action sends a clear message that the United States will not tolerate malicious cyber activity from foreign adversaries,” said NSA Director General Paul Nakasone in the statement. “We will continue to work with our partners to expose and counter these threats wherever they may occur.”